feed/packages.git
7 years agowireguard: bump to release 0.0.20171005 for 17.01 4914/head
Jason A. Donenfeld [Sat, 7 Oct 2017 23:20:15 +0000 (01:20 +0200)]
wireguard: bump to release 0.0.20171005 for 17.01

WireGuard is well documented for being an experimental project, not
currently ready to be stabilized. As such, it's important for packagers
to always keep the project up to date in all contexts.

However, it is common for some projects, such as LEDE/OpenWrt to have
stable branches, which don't expect a lot of churn or modification.

The WireGuard that happened to ship with 17.01 is broken and crufty and
shouldn't be used at all. It's highly unlikely that there's anybody out
there even using it; it won't work with anything else.

So, this commit updates the 17.01 package to the latest upstream
version. Because the 17.01 stable branch can't be updated all the time,
it's important that this bump here in this commit is a stable one.

I believe 0.0.20171005 to be a fairly stable snapshot, which should be
suitable for the 17.01 branch. As stated earlier, the 0.0.20170115
currently in this branch is highly problematic. 0.0.20171005 offers
extremely important changes.

I'll continue to send package bumps for 17.01, but only for snapshot
releases that I think fix an important bug or provide a noted increase
in stability, or have similar goals to this commit.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
7 years agoMerge pull request #4879 from nxhack/17_01-CVE-2017-1000250
Hauke Mehrtens [Tue, 3 Oct 2017 09:24:11 +0000 (11:24 +0200)]
Merge pull request #4879 from nxhack/17_01-CVE-2017-1000250

[lede-17.01] bluez: fix CVE-2017-1000250

7 years agobluez: fix CVE-2017-1000250 4879/head
Hirokazu MORIKAWA [Wed, 27 Sep 2017 05:09:45 +0000 (14:09 +0900)]
bluez: fix CVE-2017-1000250

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
bluez: fix CVE-2017-1000250

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
7 years agotor: update to version 0.2.9.12
Hauke Mehrtens [Wed, 20 Sep 2017 18:27:34 +0000 (20:27 +0200)]
tor: update to version 0.2.9.12

This fixes the TROVE-2017-008 (CVE-2017-0380) security problem.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
7 years agotor: update to version 0.2.9.11
Hauke Mehrtens [Mon, 3 Jul 2017 21:00:29 +0000 (23:00 +0200)]
tor: update to version 0.2.9.11

This fixes CVE-2017-0376

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
7 years agoMerge pull request #4862 from luizluca/17.01/ruby-2.4.2
champtar [Sat, 23 Sep 2017 23:52:04 +0000 (16:52 -0700)]
Merge pull request #4862 from luizluca/17.01/ruby-2.4.2

[17.01] ruby: bump to 2.4.2 (backported from master)

7 years agoruby: bump to 2.4.2 4862/head
Luiz Angelo Daros de Luca [Mon, 18 Sep 2017 04:41:53 +0000 (01:41 -0300)]
ruby: bump to 2.4.2

This release contains some security fixes.

 CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf
 CVE-2017-10784: Escape sequence injection vulnerability in the Basic authentication of WEBrick
 CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode
 CVE-2017-14064: Heap exposure in generating JSON
 Multiple vulnerabilities in RubyGems
 Update bundled libyaml to version 0.1.7.

And many other bugfix.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(cherry picked from commit 699d9bef30df17272b834a6c6bd8d0c5f8bbf1c9)

7 years agocollectd: uptime plugin: apply fix from upstream
Hannu Nyman [Fri, 15 Sep 2017 16:10:37 +0000 (19:10 +0300)]
collectd: uptime plugin: apply fix from upstream

Backport from master the fix for uptime plugin.
Adjust it for 5.5.3

  Uptime plugin fails to adjust for system time changes after boot.
  As Openwrt/LEDE routers usually do not have a RTC, the system time
  gets adjusted with NTP possibly after collectd has already started.
  But collectd continues to use the initial time set by 'sysfixtime',
  which can lead to incorrect uptime calculations.

  Apply a proposed fix from upstream that uses /proc/uptime

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
7 years agoMerge pull request #4834 from marcin1j/pr/20170911-mwan3-backport-lede17.01-66406f9
Hannu Nyman [Fri, 15 Sep 2017 12:49:40 +0000 (15:49 +0300)]
Merge pull request #4834 from marcin1j/pr/20170911-mwan3-backport-lede17.01-66406f9

mwan3: fix interface-bound traffic when interface is offline

7 years agomwan3: fix interface-bound traffic when interface is offline 4834/head
Marcin Jurkowski [Sat, 2 Sep 2017 22:56:09 +0000 (00:56 +0200)]
mwan3: fix interface-bound traffic when interface is offline

This is a backport of 66406f9 to LEDE 17.01 and replaces hotfix 282e900.

Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
7 years agohaproxy: update to 1.7.8 and pending patches
Thomas Heil [Wed, 16 Aug 2017 23:07:49 +0000 (01:07 +0200)]
haproxy: update to 1.7.8 and pending patches
 - fixes reload issue with hanging process

Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
7 years agopcre: Added fix for CVE-2017-11164 by adding stack recursion limit
Thomas Heil [Sun, 3 Sep 2017 13:03:56 +0000 (15:03 +0200)]
pcre: Added fix for CVE-2017-11164 by adding stack recursion limit

Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
7 years agopcre: upgrade to version 8.41
Thomas Heil [Wed, 16 Aug 2017 23:18:45 +0000 (01:18 +0200)]
pcre: upgrade to version 8.41
 - fixes security issues

Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
7 years agostrongswan: fix typo
Stijn Tintel [Tue, 30 May 2017 17:25:04 +0000 (19:25 +0200)]
strongswan: fix typo

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 4660504c610cc1f4d3d8ef77e7f7fbc6b2fc3d54)

7 years agostrongswan: add curve25519 plugin
Stijn Tintel [Tue, 30 May 2017 13:12:08 +0000 (15:12 +0200)]
strongswan: add curve25519 plugin

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit a268689adca731fe9c500ddf43ba41b5a502a593)

7 years agostrongswan: bump to 5.5.3
Stijn Tintel [Tue, 30 May 2017 12:32:01 +0000 (14:32 +0200)]
strongswan: bump to 5.5.3

Fixes CVE-2017-9022, CVE-2017-9023.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 960006be50203ebeaa136ec49229eb286e9de785)

7 years agostrongswan: bump to 5.5.2
Stijn Tintel [Thu, 20 Apr 2017 14:55:51 +0000 (16:55 +0200)]
strongswan: bump to 5.5.2

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 18b076ab9359d56ff1fc5b89bda378f2e4723e2d)

Conflicts:
net/strongswan/Makefile

7 years agoMerge pull request #4722 from TDT-GmbH/mwan3-fixes
champtar [Fri, 25 Aug 2017 21:10:45 +0000 (14:10 -0700)]
Merge pull request #4722 from TDT-GmbH/mwan3-fixes

net/mwan3: fixes for mwan3 (lede-17.01)

7 years agonet/mwan3: update Makefile 4722/head
Florian Eckert [Fri, 18 Aug 2017 06:54:13 +0000 (08:54 +0200)]
net/mwan3: update Makefile

- Update version
- Update maintainer to me

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
7 years agoMerge pull request #4741 from EricLuehrsen/unbound_1_6_5
Hannu Nyman [Tue, 22 Aug 2017 14:43:53 +0000 (17:43 +0300)]
Merge pull request #4741 from EricLuehrsen/unbound_1_6_5

[LEDE-17.01] unbound: update to 1.6.5

7 years agounbound: update to 1.6.5 4741/head
Eric Luehrsen [Tue, 22 Aug 2017 02:39:28 +0000 (22:39 -0400)]
unbound: update to 1.6.5

This fixes the root.key file if created when unbound is installed between sep11 and oct11 2017

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
7 years agonet/mwan3: remove lock file on mwan3 stop
Florian Eckert [Thu, 17 Aug 2017 09:57:17 +0000 (11:57 +0200)]
net/mwan3: remove lock file on mwan3 stop

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 5e123852bc2fc6970e9502ca01a697b2fb394e23)

7 years agonet/mwan3: fix ping issue if last interface recovers from failure
Florian Eckert [Mon, 31 Jul 2017 10:04:18 +0000 (12:04 +0200)]
net/mwan3: fix ping issue if last interface recovers from failure

Even though error was fixed the interface checks still fails, if last_resort
was set to blackhole or unreachable.

To fix this issue do not remove failure interface from iptables change on
down event.

Reported-by: Colby Whitney <colby.whitney@luxul.com>
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 6d99b602fd3425df7b9a3f8d583a2092bb5e1b94)

7 years agonet/mwan3: fix ipset generation in hotplug script with an lock
Florian Eckert [Wed, 2 Aug 2017 12:53:18 +0000 (14:53 +0200)]
net/mwan3: fix ipset generation in hotplug script with an lock

Fix critical section during hotplug events.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit a4fbc7eba670c2622c47ee9fe3d60d89909ea559)

7 years agonet/mwan3: add lock for mwan3 hotplug script
Florian Eckert [Thu, 22 Jun 2017 09:48:01 +0000 (11:48 +0200)]
net/mwan3: add lock for mwan3 hotplug script

If more then one interface get up/down at once mwan3 could be in a
undefined state, because more then one mwan3 hotplug script are running
and editing the iptables.

Lock the critical section should solve this issue.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit b6e9debc1b97f9e4be70fb51404831ed870d844a)

7 years agonet/mwan3: add connected network regardless of mwan3 interface enable state
Florian Eckert [Thu, 27 Apr 2017 07:22:27 +0000 (09:22 +0200)]
net/mwan3: add connected network regardless of mwan3 interface enable state

If netifd set an interface up/down which is not tracked by mwan3 the
connected network of that interface should regardless be added/removed to the
mwan3_connected ipset.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit f94975b71fc80912dd84feb845c2d86aeb82e7b1)

7 years agonet/mwan3: mwan3track interrupt sleep on signal (trap) event
Florian Eckert [Thu, 6 Apr 2017 14:36:46 +0000 (16:36 +0200)]
net/mwan3: mwan3track interrupt sleep on signal (trap) event

Sleep will be aborted if a signal is send to this process.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 7e80e83dfdbfd1408244399ef6af580fff218d4f)

7 years agonet/mwan3: fix hotplug on ACTION ifdown
Florian Eckert [Fri, 17 Mar 2017 10:06:24 +0000 (11:06 +0100)]
net/mwan3: fix hotplug on ACTION ifdown

On dynamic interface proto (dhcp/pppoe) the hotplug will not execude (exit 9)
because the gateway is already released. The check will now only be made
on a ifup ACTION event.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 28c8b664e471df9adbba5f2b8598b4e95ae36f4b)

7 years agomosquitto: properly use localhost instead of ipv4
Karl Palsson [Wed, 16 Aug 2017 14:54:08 +0000 (14:54 +0000)]
mosquitto: properly use localhost instead of ipv4

On some environments, connecting to localhost was resolving to ::1,
which didn't match the bind to the explicit 127.0.0.1.

Signed-off-by: Karl Palsson <karlp@etactica.com>
7 years agomosquitto: support more config options in UCI
Karl Palsson [Wed, 7 Jun 2017 16:44:36 +0000 (16:44 +0000)]
mosquitto: support more config options in UCI

Added many more UCI config options, particularly for bridge connections

The recently introduced username/password options for bridges are kept,
even though they have been deprecated upstream for a while.  In keeping
with this, while support is kept in UCI, the generated mosquitto.conf
file will always generate the "modern" remote_username/remote_password
options preferred by mosquitto instead.

Likewise for bridge clientid and remote_clientid options.

Signed-off-by: Karl Palsson <karlp@etactica.com>
7 years agoacme: Make sure postrm script doesn't fail
Toke Høiland-Jørgensen [Tue, 15 Aug 2017 23:10:55 +0000 (01:10 +0200)]
acme: Make sure postrm script doesn't fail

Fixes #4716.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
7 years agoacme: Fix for curl linked against mbed TLS. (#4254)
Daniel H [Wed, 12 Apr 2017 20:51:58 +0000 (22:51 +0200)]
acme: Fix for curl linked against mbed TLS. (#4254)

Use newest acme.sh release (2.6.8).
Remove dependency on ca-certificates and add dependency on ca-bundle.
Update environment variable.

Signed-off-by: Daniel Halmschlager <da@halms.at>
Backport to 17.01 for compatibility with 17.01.2, but keep the old envvar so
it'll hopefully keep working for users who haven't upgraded.

Closes #4579, closes #4699.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
7 years agonlbwmon: update to latest version
Jo-Philipp Wich [Wed, 2 Aug 2017 15:11:30 +0000 (17:11 +0200)]
nlbwmon: update to latest version

Changes since last update:

32fc092 build: remove extraneous _GNU_SOURCE defines
096aaa3 build: compile with -D_GNU_SOURCE
76487b5 transform to source-only repository

Fixes build with uClibc and eglibc toolchains.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
7 years agonlbwmon: add package
Jo-Philipp Wich [Fri, 28 Jul 2017 13:30:06 +0000 (15:30 +0200)]
nlbwmon: add package

This commit introduces nlbwmon, the lightweight NetLink BandWidth Montor.

The nlbwmon daemon gathers per-host traffic statistics by querying netlink
accounting data. Due to this approach, the executable is very small and does
not rely on libpcap and CPU intensive raw sockets to monitor traffic.

Besides raw per-host traffic counters, nlbwmon also support rudimentary
traffic classification by observing IP protocols and used port numbers.

Gathered accounting data is stored into a series of database files which
are regularily committed to persistent storage.

Refresh, commit and accounting intervals are freely configurable as well
as the layer7 protocol mapping rules and observed source subnets.

This package also bundles a cli client which can be used to dump the
gathered traffic data as JSON, CSV or plaintext data. A pull request to
add a graphical LuCI frontend for nlbwmon is pending.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
7 years agomosquitto: update to 1.4.14
Karl Palsson [Tue, 11 Jul 2017 10:12:06 +0000 (10:12 +0000)]
mosquitto: update to 1.4.14

Fixes a regression due to the CVE fix in the recently released 1.4.13.

https://mosquitto.org/2017/07/version-1-4-14-released/

Signed-off-by: Karl Palsson <karlp@etactica.com>
7 years agomosquitto: update to 1.4.13
Karl Palsson [Mon, 10 Jul 2017 14:29:13 +0000 (14:29 +0000)]
mosquitto: update to 1.4.13

Primarily a bugfix release for a CVE that doesn't affect lede/openwrt,
but also includes some websockets perfomance fixes.

Release notes at https://mosquitto.org/2017/07/version-1-4-13-released/

Signed-off-by: Karl Palsson <karlp@etactica.com>
7 years agozabbix: update to 3.2.6
Etienne Champetier [Sat, 8 Jul 2017 18:56:26 +0000 (11:56 -0700)]
zabbix: update to 3.2.6

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
7 years agozabbix: partially fix zabbix-extra-mac80211
Etienne Champetier [Sat, 8 Jul 2017 15:30:14 +0000 (08:30 -0700)]
zabbix: partially fix zabbix-extra-mac80211

In kernel commit f1160434c7658af3f7b0926b88df49a66cb3c3e0 many stats
that we read with zabbix-extra-mac80211 have been renamed
One commit after (c206ca670974cefec7ac3732db5c8156e8081a8d) those renamed
stats have been hidden behind MAC80211_DEBUG_COUNTERS compile flag

For now you have to edit mac80211 Makefile / do a custom build to access
most of these stats

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
7 years agozabbix: update to 3.2.4, use PKG_HASH
Etienne CHAMPETIER [Mon, 23 Jan 2017 03:48:30 +0000 (19:48 -0800)]
zabbix: update to 3.2.4, use PKG_HASH

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
7 years agolighttpd: backport more mod_cgi fixes queued for 1.4.46
Rafał Miłecki [Thu, 29 Jun 2017 07:24:37 +0000 (09:24 +0200)]
lighttpd: backport more mod_cgi fixes queued for 1.4.46

The most important change is local redirects being disabled by default.
There is an option called cgi.local-redir that allows enabling this
optimization manually back if needed.

Local redirects were initially introduced in 1.4.40 but caused many
problems for *some* web services.

One of problems is breaking Post/Redirect/Get design pattern. With
redirects handled on server side there is no browser redirection making
it "lose" the POST data.

Another possible issue are HTML forms with action="". With CGI local
redirects browser may be sending form data to the wrong URL (the one
that was supposed to redirect the browser).

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
7 years agocoreutils: stdbuf: fix missing libstdbuf.so
Yousong Zhou [Mon, 19 Jun 2017 01:47:00 +0000 (09:47 +0800)]
coreutils: stdbuf: fix missing libstdbuf.so

Fixes #1674

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
7 years agognutls: updated to 3.5.13
Nikos Mavrogiannopoulos [Sun, 18 Jun 2017 11:18:44 +0000 (13:18 +0200)]
gnutls: updated to 3.5.13

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
7 years agolibtasn1: updated to 4.12
Nikos Mavrogiannopoulos [Sun, 18 Jun 2017 11:20:40 +0000 (13:20 +0200)]
libtasn1: updated to 4.12

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
7 years agoopenconnect: new option mtu
Yousong Zhou [Mon, 8 May 2017 05:07:23 +0000 (13:07 +0800)]
openconnect: new option mtu

According to openconnect --help output:

  -m, --mtu=MTU                   Request MTU from server
      --base-mtu=MTU              Indicate path MTU to/from server

Fixes #2099 by allowing setting tunnel mtu

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
7 years agoopenconnect: drop stale config: interface
Yousong Zhou [Mon, 8 May 2017 05:06:10 +0000 (13:06 +0800)]
openconnect: drop stale config: interface

It was introduced with 41f8d5465 ("openconnect: fix a couple of minor
things and add an interface option") and not needed since 4083de9d7
("openconnect: use proto_add_host_dependency")

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
7 years agoopenconnect: Bump openconnect to 7.08
Qian [Wed, 26 Apr 2017 23:48:28 +0000 (16:48 -0700)]
openconnect: Bump openconnect to 7.08

Bump openconnect to 7.08. Remove patch as it is included in the
upstream source.

Signed-off-by: Qian Sheng billsq@billsq.me
7 years agominidlna: backport fixes from 1.1.6 and 1.2.0 releases
Rafał Miłecki [Thu, 15 Jun 2017 05:55:23 +0000 (07:55 +0200)]
minidlna: backport fixes from 1.1.6 and 1.2.0 releases

This fixes one or two issues and adds support for few new devices
including Kodi.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
7 years agoMerge pull request #4482 from MikePetullo/lede-17.01
Daniel Golle [Wed, 14 Jun 2017 22:40:54 +0000 (00:40 +0200)]
Merge pull request #4482 from MikePetullo/lede-17.01

openldap: update to 2.4.45

7 years agoopenldap: update to 2.4.45 4482/head
W. Michael Petullo [Wed, 14 Jun 2017 22:17:41 +0000 (18:17 -0400)]
openldap: update to 2.4.45

Fixes CVE-2017-9287

Signed-off-by: W. Michael Petullo <mike@flyn.org>
7 years agomosquitto: fix empty client-nossl package
Karl Palsson [Wed, 7 Jun 2017 15:40:28 +0000 (15:40 +0000)]
mosquitto: fix empty client-nossl package

Fallout of PROVIDES handling.
Fixes: https://github.com/openwrt/packages/issues/4432
Signed-off-by: Karl Palsson <karlp@etactica.com>
7 years agoMerge pull request #4443 from MikePetullo/lede-17.01-libdmapsharing
Hannu Nyman [Tue, 6 Jun 2017 06:50:51 +0000 (09:50 +0300)]
Merge pull request #4443 from MikePetullo/lede-17.01-libdmapsharing

libdmapsharing: update to 2.9.38

7 years agolibdmapsharing: update to 2.9.38 4443/head
W. Michael Petullo [Mon, 5 Jun 2017 21:23:31 +0000 (17:23 -0400)]
libdmapsharing: update to 2.9.38

Signed-off-by: W. Michael Petullo <mike@flyn.org>
7 years agotor: update to version 0.2.9.10
Hauke Mehrtens [Mon, 13 Mar 2017 21:31:21 +0000 (22:31 +0100)]
tor: update to version 0.2.9.10

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
7 years agonet/mosquitto: bump to 1.4.12 for CVE-2017-7650
Karl Palsson [Mon, 29 May 2017 10:49:08 +0000 (10:49 +0000)]
net/mosquitto: bump to 1.4.12 for CVE-2017-7650

Dot release, primarily due to CVE-2017-7650 but also rolls up some
earlier patches.

Signed-off-by: Karl Palsson <karlp@etactica.com>
7 years agocanutils: rework recipe
Yegor Yefremov [Fri, 10 Mar 2017 13:56:40 +0000 (14:56 +0100)]
canutils: rework recipe

Don't group any utilities but just list them all as they are.

Fixes:
https://github.com/openwrt/packages/issues/3695

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
7 years agovsftpd: create directory for extra config files
Hannu Nyman [Tue, 9 May 2017 13:30:05 +0000 (16:30 +0300)]
vsftpd: create directory for extra config files

* create /etc/vsftpd directory for extra config files
  like userlist, certificate and key
* modify config file to use that directory
* include that directory in conffiles for backup

* use PKG_HASH
* update URL

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 3f390c55097e6d447c9c788d8b836519127fc1de)

7 years agoMerge pull request #4300 from mrnuke/for-17.01-gpsd
Hannu Nyman [Mon, 8 May 2017 07:14:49 +0000 (10:14 +0300)]
Merge pull request #4300 from mrnuke/for-17.01-gpsd

utils/gpsd: Backport ncurses6 support from master

7 years agognutls: updated to 3.5.11
Nikos Mavrogiannopoulos [Mon, 8 May 2017 03:38:19 +0000 (05:38 +0200)]
gnutls: updated to 3.5.11

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
7 years agoocserv: updated to 0.11.8
Nikos Mavrogiannopoulos [Mon, 8 May 2017 03:36:59 +0000 (05:36 +0200)]
ocserv: updated to 0.11.8

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
7 years agonet/mosquito: bump to 1.4.11
Karl Palsson [Wed, 5 Apr 2017 14:01:59 +0000 (14:01 +0000)]
net/mosquito: bump to 1.4.11

Full changelog available at:
https://mosquitto.org/2017/02/version-1-4-11-released/

Mostly ipv6 and websockets fixes, but requires a patch (submitted
upstream) to work around an accidental glibc dependency upstream.

Signed-off-by: Karl Palsson <karlp@etactica.com>
7 years agonet/mosquitto: support more config fields in init script
Karl Palsson [Thu, 4 May 2017 11:13:04 +0000 (11:13 +0000)]
net/mosquitto: support more config fields in init script

Adds the "notifications" option which is important when connecting
mosquitto to rabbitmq for instance.

Signed-off-by: Karl Palsson <karlp@etactica.com>
7 years agonet/mosquitto: Added further security configuration options for bridge section
David Thornley [Tue, 2 May 2017 02:08:46 +0000 (12:08 +1000)]
net/mosquitto: Added further security configuration options for bridge section

Signed-off-by: David Thornley <david.thornley@touchstargroup.com>
7 years agonet/mosquitto: use PROVIDES for -client tools also
Karl Palsson [Wed, 5 Apr 2017 13:59:29 +0000 (13:59 +0000)]
net/mosquitto: use PROVIDES for -client tools also

Earlier, PROVIDES handling was clarified for the broker and the library.
Use the same style to properly provide the -client-ssl and -client-nossl
packages.

Signed-off-by: Karl Palsson <karlp@etactica.com>
7 years agoadblock: backport updates to 2.6.2
Dirk Brenken [Sat, 29 Apr 2017 21:01:55 +0000 (00:01 +0300)]
adblock: backport updates to 2.6.2

Backport updates in 2.5.0-2.6.2 from master.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
7 years agocollectd: build cpufreq also for armvirt target
Hannu Nyman [Fri, 28 Apr 2017 16:13:56 +0000 (19:13 +0300)]
collectd: build cpufreq also for armvirt target

Enable collectd-mod-cpufreq also for armvirt to make it
available for ipq806x devices in LEDE buildbot builds.

LEDE phase2 buildbot for arm_cortex-a15_neon-vfpv4 that is
the package arch for ipq806x, uses armvirt SDK instead of
ipq806x SDK.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
7 years agonano: Update to version 2.7.5
Daniel Albers [Fri, 28 Apr 2017 15:29:16 +0000 (18:29 +0300)]
nano: Update to version 2.7.5

Description: fixes a crash with zero-length regex matches and further updates

Signed-off-by: Daniel Albers <Daniel.Albers@public-files.de>
(cherry picked from commit 249ae1f164d18edaa79aa28a2084857aeeacf365)

7 years agoirqbalance: backport package from master
Hannu Nyman [Thu, 27 Apr 2017 20:44:32 +0000 (23:44 +0300)]
irqbalance: backport package from master

The purpose of irqbalance is to distribute hardware interrupts across
processors/cores on a multiprocessor/-core system in order to increase
performance.

Only the cmd-line tool is compiled and installed.

Run-tested with ipq806x / R7800.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit c5913bd12d73c4c781b79c16246a8e9c8d236b8f)
(cherry picked from commit c42ecd05a1c91070bc86b4d8254972562b6e0c67)
(cherry picked from commit a1a96fc9fa8312c87ee997d613e9e9de3f3a82d9)

7 years agoutils/gpsd: Backport ncurses6 support from master 4300/head
Alexandru Gagniuc [Tue, 25 Apr 2017 19:06:39 +0000 (12:06 -0700)]
utils/gpsd: Backport ncurses6 support from master

Because gpsd FTBTS without this patch.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
7 years agoMerge pull request #4279 from equinox0815/collectd-fix-gcrypt-include-path
Hannu Nyman [Thu, 20 Apr 2017 06:19:15 +0000 (09:19 +0300)]
Merge pull request #4279 from equinox0815/collectd-fix-gcrypt-include-path

collectd: fix libgcrypt include dir

7 years agocollectd: fix libgcrypt include dir 4279/head
Christian Pointner [Wed, 19 Apr 2017 21:45:38 +0000 (23:45 +0200)]
collectd: fix libgcrypt include dir

Signed-off-by: Christian Pointner <equinox@spreadspace.org>
7 years agosubversion: add unixodbc dependency
Val Kulkov [Wed, 19 Apr 2017 14:19:18 +0000 (17:19 +0300)]
subversion: add unixodbc dependency

Compile tested: LEDE HEAD

If unixodbc package is present in the environment, subversion
fails to compile due to missing dependencies.

Fixes the dependency on unixodbc if unixodbc package is selected.

Signed-off-by: Val Kulkov <val.kulkov@gmail.com>
(cherry picked from commit 06a529df359b6704c383cf4881531f409ebb41b0)

7 years agoMerge pull request #4184 from luizluca/cc/ruby_update
Hannu Nyman [Wed, 19 Apr 2017 12:14:11 +0000 (15:14 +0300)]
Merge pull request #4184 from luizluca/cc/ruby_update

[lede-17.01] ruby: bump to 2.4.1

7 years agocollectd: upstream fix for vulnerabity in network plugin
Hannu Nyman [Wed, 19 Apr 2017 09:20:53 +0000 (12:20 +0300)]
collectd: upstream fix for vulnerabity in network plugin

Backport an upstream fix for a DDoS vulnerability in the
network plugin: CVE-2017-7401

The patch has been adapted from the fix for 5.6 branch,
as 5.5 is already EoL in practice.

Run-tested with R7800/ipq806x.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
7 years agoMerge pull request #4277 from nxhack/cve_2017_7868
Hannu Nyman [Wed, 19 Apr 2017 09:16:26 +0000 (12:16 +0300)]
Merge pull request #4277 from nxhack/cve_2017_7868

[lede-17.01] icu: fix CVE-2017-7867 CVE-2017-7868

7 years ago[lede-17.01] icu: fix CVE-2017-7867 CVE-2017-7868 4277/head
Hirokazu MORIKAWA [Wed, 19 Apr 2017 02:29:47 +0000 (11:29 +0900)]
[lede-17.01] icu: fix CVE-2017-7867 CVE-2017-7868

icu: CVE-2017-7867 CVE-2017-7868: Heap-buffer-overflow in utf8TextAccess

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
icu: increase PKG_RELEASE

7 years agolua-bencode: download .tar.gz instead of using hg
Hannu Nyman [Tue, 18 Apr 2017 20:33:47 +0000 (23:33 +0300)]
lua-bencode: download .tar.gz instead of using hg

Avoid using 'hg' (Mercurial) to download sources.

'hg' is not an official prerequisite and it is not installed
in all buildslaves in Openwrt and LEDE buildbots, which
leads to frequent build failures.

Download the .tar.gz source archive instead.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 74e53c48425609b4f0adb0b284b71a85e4e40b88)

7 years agodovecot: disable ICU normalization support for FTS #4077
Lucian Cristian [Tue, 18 Apr 2017 19:46:09 +0000 (22:46 +0300)]
dovecot: disable ICU normalization support for FTS #4077

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
(cherry picked from commit a00af843750043d59906a5712254298ddfb30b82)

7 years agodovecot: change the maintainer to me
Lucian Cristian [Mon, 6 Mar 2017 00:14:01 +0000 (02:14 +0200)]
dovecot: change the maintainer to me

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
(cherry picked from commit 1c38b1d22f4e83c5b46c5ee37cd110cb19ff5a85)

7 years agolighttpd: disable trigger_b4_dl module due to buildbot failure
Hannu Nyman [Tue, 18 Apr 2017 13:16:37 +0000 (16:16 +0300)]
lighttpd: disable trigger_b4_dl module due to buildbot failure

trigger_b4_dl fails to build in the 17.01 buildbot and that causes
also three other modules to be unbuilt (userdir, usertrack, webdav).

As a quick fix, disable trigger_b4_dl to see if the three missing
modules then build ok in the buildbot.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
7 years agoRevert "lighttpd: add new modules, upd URLs, add restart()"
Hannu Nyman [Sun, 9 Apr 2017 18:38:28 +0000 (21:38 +0300)]
Revert "lighttpd: add new modules, upd URLs, add restart()"

This reverts commit 18d7593c726938a17c2d7fb23aa9de64fb1e8aa5.

Buildbot did not build the new version successfully due to
krb5 detection problems. Let's revert to the previous version,
so that 17.01.1 can be built in a stable way.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
7 years agolighttpd: add new modules, upd URLs, add restart()
Glenn Strauss [Sat, 8 Apr 2017 08:10:59 +0000 (11:10 +0300)]
lighttpd: add new modules, upd URLs, add restart()

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
cherry picked from commit 6e788aca0c5c004c3fe493ab31929fec97506070
Hopefully this will fix compilation of some plugins in the 17.01 buildbot.
signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>

7 years agoMerge pull request #4238 from EricLuehrsen/unbound_17_01
Hannu Nyman [Thu, 6 Apr 2017 07:19:48 +0000 (10:19 +0300)]
Merge pull request #4238 from EricLuehrsen/unbound_17_01

[lede-17.01] unbound: merge trunk bugfixes for March 2017

7 years agounbound: improve interface trigger behavior 4238/head
Eric Luehrsen [Sat, 25 Mar 2017 05:53:28 +0000 (01:53 -0400)]
unbound: improve interface trigger behavior

procd interface triggers may be busy. Unbound hard restarts will
flush the cache. This might happen frequently depending on how
interface triggers occur.

Change the procd trigger to reduce occurences. Load this trigger
prior to netifd (START=20), but only truly start Unbound from
the trigger rather than immediately in init. Clean up log entries
in scripts after Unbound, NTP, and DNSSEC are established.

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
7 years agounbound: support copy without dash update
Eric Luehrsen [Wed, 22 Mar 2017 01:43:42 +0000 (21:43 -0400)]
unbound: support copy without dash update

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
7 years agounbound: fix hotplug iface and ntp restarts
Eric Luehrsen [Sat, 18 Mar 2017 02:45:47 +0000 (22:45 -0400)]
unbound: fix hotplug iface and ntp restarts

Unbound is configured to restart on hotplug/iface but this can result
in numerous restarts at boot. Unbound also has a restart for NTP.
This was observed to generate trouble and even with procd robustness
too many crashes might occur (rare). Unbound would not be running.

Give more care to /var/lib/unbound/root.key during restarts. Use procd
for iface restarts. Check pidof() to wait one more second for Unbound.

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
7 years agounbound: bugfix init race condition invalid FQDN
Eric Luehrsen [Sun, 5 Mar 2017 19:52:28 +0000 (14:52 -0500)]
unbound: bugfix init race condition invalid FQDN

options 'add_local_fqdn' and 'add_wan_fqdn' can be affected
by race conditions when they are at level 4. Interface name
may not be returned by network tools. The conf file has bad
record formats and Unbound just will not load. Detect this
and fall back to only the host FQDN (level 3).

squash: improve documentation wording and format codes.

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
7 years agounbound: fix odhcpd trigger script
Audric Schiltknecht [Sun, 12 Mar 2017 20:11:48 +0000 (16:11 -0400)]
unbound: fix odhcpd trigger script

Read UNBOUND_TXT_DOMAIN from main unbound configuration.
This prevents records to be added into Unbound in the default 'lan' zone.

Signed-off-by: Audric Schiltknecht <storm+github@chemicalstorm.org>
7 years agopackage: haproxy
Thomas Heil [Mon, 3 Apr 2017 11:50:03 +0000 (13:50 +0200)]
package: haproxy
[RELEASE] Released version 1.7.5 due to bug in compression

 Released version 1.7.5 with the following main changes :
  - BUG/MEDIUM: peers: fix buffer overflow control in intdecode.
  - BUG/MEDIUM: buffers: Fix how input/output data are injected into buffers
  - BUG/MEDIUM: http: Fix blocked HTTP/1.0 responses when compression is enabled
  - BUG/MINOR: filters: Don't force the stream's wakeup when we wait in flt_end_analyze
  - DOC: fix parenthesis and add missing "Example" tags
  - DOC: update the contributing file
  - DOC: log-format/tcplog/httplog update
  - MINOR: config parsing: add warning when log-format/tcplog/httplog is overriden in "defaults" sections

Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
7 years agopackage: haproxy
Thomas Heil [Tue, 28 Mar 2017 11:16:19 +0000 (13:16 +0200)]
package: haproxy
Correct Download Url to http://www.haproxy.org/download/1.7/src

Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
7 years agopackage: haproxy bump to latest stable 1.7.4
Thomas Heil [Tue, 28 Mar 2017 09:42:16 +0000 (11:42 +0200)]
package: haproxy bump to latest stable 1.7.4
    [RELEASE] Released version 1.7.4

    Released version 1.7.4 with the following main changes :
        - MINOR: config: warn when some HTTP rules are used in a TCP proxy
        - BUG/MINOR: spoe: Fix soft stop handler using a specific id for spoe filters
        - BUG/MINOR: spoe: Fix parsing of arguments in spoe-message section
        - BUG/MEDIUM: ssl: Clear OpenSSL error stack after trying to parse OCSP file
        - BUG/MEDIUM: cli: Prevent double free in CLI ACL lookup
        - BUG/MINOR: Fix "get map <map> <value>" CLI command
        - BUG/MAJOR: connection: update CO_FL_CONNECTED before calling the data layer
        - BUG/MEDIUM: ssl: switchctx should not return SSL_TLSEXT_ERR_ALERT_WARNING
        - BUG/MINOR: checks: attempt clean shutw for SSL check
        - CONTRIB: tcploop: add limits.h to fix build issue with some compilers
        - CONTRIB: tcploop: make it build on FreeBSD
        - CONTRIB: tcploop: fix time format to silence build warnings
        - CONTRIB: tcploop: report action 'K' (kill) in usage message
        - CONTRIB: tcploop: fix connect's address length
        - CONTRIB: tcploop: use the trash instead of NULL for recv()
        - BUG/MEDIUM: listener: do not try to rebind another process' socket
        - BUG/MEDIUM: filters: Fix channels synchronization in flt_end_analyze
        - BUG/MAJOR: stream-int: do not depend on connection flags to detect connection
        - BUG/MEDIUM: connection: ensure to always report the end of handshakes
        - BUG: payload: fix payload not retrieving arbitrary lengths
        - BUG/MAJOR: http: fix typo in http_apply_redirect_rule
        - MINOR: doc: 2.4. Examples should be 2.5. Examples
        - BUG/MEDIUM: stream: fix client-fin/server-fin handling
        - MINOR: fd: add a new flag HAP_POLL_F_RDHUP to struct poller
        - BUG/MINOR: raw_sock: always perfom the last recv if RDHUP is not available
        - DOC/MINOR: Fix typos in proxy protocol doc
        - DOC: Protocol doc: add checksum, TLV type ranges
        - DOC: Protocol doc: add SSL TLVs, rename CHECKSUM
        - DOC: Protocol doc: add noop TLV
        - MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time
        - BUG/MINOR: cfgparse: loop in tracked servers lists not detected by check_config_validity().
        - MINOR: server: irrelevant error message with 'default-server' config file keyword.
        - MINOR: doc: fix use-server example (imap vs mail)
        - BUG/MEDIUM: tcp: don't require privileges to bind to device
        - BUILD: make the release script use shortlog for the final changelog
        - BUILD: scripts: fix typo in announce-release error message

Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
7 years agopackage: memcached - upgrade to latest stable
Thomas Heil [Tue, 28 Mar 2017 09:34:23 +0000 (11:34 +0200)]
package: memcached - upgrade to latest stable
bump to version 1.4.36

Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
7 years agoruby: bump to 2.4.1 4184/head
Luiz Angelo Daros de Luca [Thu, 23 Mar 2017 03:40:46 +0000 (00:40 -0300)]
ruby: bump to 2.4.1

This releases contains only bug and security fixes,
mostly backported from devel branch.

(cherry picked from commit 26d19b5cb1293d0e2058c09bb63c007bd124cdb2)

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
7 years ago[libs/pcre]: fix CVE-2017-7186
Thomas Heil [Mon, 27 Mar 2017 08:03:16 +0000 (10:03 +0200)]
[libs/pcre]: fix CVE-2017-7186
Fix CVE-2017-7186 mentioned in https://bugs.exim.org/show_bug.cgi?id=2052

Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
7 years agopackage: haproxy
heil [Thu, 16 Mar 2017 21:35:59 +0000 (22:35 +0100)]
package: haproxy
 - bump to stable 1.7.3 and pending patches from upstream

Signed-off-by: heil <heil@terminal-consulting.de>
7 years agoMerge pull request #4120 from gabri94/lede-17.01
Jo-Philipp Wich [Tue, 14 Mar 2017 13:01:44 +0000 (14:01 +0100)]
Merge pull request #4120 from gabri94/lede-17.01

openwisp-config: new package

7 years agoopenwisp-config: new package 4120/head
gabri94 [Fri, 3 Mar 2017 13:26:06 +0000 (14:26 +0100)]
openwisp-config: new package

Signed-off-by: Gabriele Gemmi <gabriel@autistici.org>
7 years agoadblock: backport updates upto 2.4.0-2
Dirk Brenken [Sat, 4 Mar 2017 16:20:24 +0000 (18:20 +0200)]
adblock: backport updates upto 2.4.0-2

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Original commit messages:

adblock: update 2.3.2
* optimize memory consumption &
  enable overall sort only on devices with > 64MB RAM,
  this prevents sort related kernel dumps
(cherry picked from commit 8c5b9a0802dec0876488779f0836c5b4698388cc)

adblock: release 2.4.0
* add tld compression,
  this new "top level domain compression" removes up to 40 thousand
  needless host entries from the block lists and
  lowers the memory footprint for the dns backends by 8-10 MByte
* optimize restart behavior in case of an error
* cosmetics
(cherry picked from commit ed470f0dcc66f42bc57e3795e3c9f37629e2cbcd)

adblock: release 2.4.0 (release 2)
* add missing sort step if tld compression was disabled
(cherry picked from commit b3b9972eacdf4acc5ff231f7aa5c32d14fbc4841)

7 years agoMerge pull request #4072 from EricLuehrsen/unbound_17_01
Hannu Nyman [Thu, 2 Mar 2017 12:37:18 +0000 (14:37 +0200)]
Merge pull request #4072 from EricLuehrsen/unbound_17_01

[lede-17.01] unbound: service update respective of 1.6.1-2

7 years agounbound: improve maintenance of trust anchor 4072/head
Eric Luehrsen [Thu, 2 Mar 2017 05:28:35 +0000 (00:28 -0500)]
unbound: improve maintenance of trust anchor

Unbound UCI tries to protect embedded flash from excess
use. Unbound RFC5011 KSK tracking can rewrite root.key
every few minutes to an hour. It also writes and destroys
files in the same directory during the process.

Recommended UCI delays for copying busy work in /var/
back to /etc/ may be too conservative. These are all
changed from 28 to 9 days.

The RFC5011 KSK results were also destroyed by an
init.d restart, even if /var/ is mounted on persistent
storage like USB drive. /var/lib/unbound/root.key is
now preserved during this process, unless a newer key
is installed in /etc/ manually or package update.

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
7 years agounbound: Update to 1.6.1 with 2017 trust anchor
Eric Luehrsen [Thu, 23 Feb 2017 02:35:56 +0000 (21:35 -0500)]
unbound: Update to 1.6.1 with 2017 trust anchor

Unbound 1.6.1 has a few bug fixes for resource leaks,
configuration robustness, compile environment interaction,
and maintaining the trust anchor. The 2017 trust anchor
(DS) is built into unbound and unbound-anchor.

File /etc/unbound/root.key holds 2010/2017 DS record until 2018
https://www.icann.org/resources/pages/ksk-rollover
https://www.iana.org/domains/root

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>